Thursday, February 24, 2011

Ubertooth spectrum analyzer

I took a break from hardware and manufacturing concerns tonight and sat down to write some code. I probably should have worked on the USB bootloader, but instead I wrote a simple spectrum analysis function for the Ubertooth platform. Similar to other transceiver IC spectrum analyzers (like my IM-Me implementation), it tunes its receiver to one frequency at a time and records the received signal strength before hopping to the next frequency.

For now I'm just dumping a table of values to a file and plotting it with gnuplot. In the future perhaps a more sophisticated user interface could be built, maybe integrating with Mike Kershaw's Spectrum Tools or something like that. In this plot, you can see a busy 802.11g network on channel 1 (centered at 2412 MHz) and some Bluetooth traffic (a device performing an inquiry scan) throughout the band.
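As an added example (not code from the Ubertooth repository), here is one way to post-process such a table once several sweeps have been captured. It goes beyond the single plot described above by applying a max-hold across sweeps and summarizing the result per 802.11 channel. The two-column "frequency RSSI" line layout, the function names, and every sample value are constructed assumptions, not the tool's documented output.

```python
from collections import defaultdict

def constructed_sweeps():
    """Constructed data: three 2400-2483 MHz sweeps as 'freq_mhz rssi' lines."""
    bursts = [2426, 2435, 2444]          # one narrowband Bluetooth hit per sweep
    lines = []
    for sweep in range(3):
        for f in range(2400, 2484):
            rssi = -90                   # constructed noise floor
            if 2402 <= f <= 2422:
                rssi = -50               # wideband 802.11g on channel 1
            elif f == bursts[sweep]:
                rssi = -60
            lines.append(f"{f} {rssi}")
    return "\n".join(lines)

def parse_sweeps(text):
    """Group readings by frequency, skipping blank, comment and malformed lines."""
    readings = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            freq, rssi = int(parts[0]), int(parts[1])
        except ValueError:
            continue
        readings[freq].append(rssi)
    return readings

def max_hold(readings):
    """Strongest reading per frequency; keeps bursts that a mean would wash out."""
    return {f: max(v) for f, v in sorted(readings.items())}

def wifi_channel_load(trace, half_width=10):
    """Mean max-hold RSSI over each 2.4 GHz 802.11 channel (center 2407 + 5*ch MHz)."""
    load = {}
    for ch in range(1, 14):
        center = 2407 + 5 * ch
        vals = [r for f, r in trace.items() if abs(f - center) <= half_width]
        if vals:
            load[ch] = sum(vals) / len(vals)
    return load

if __name__ == "__main__":
    trace = max_hold(parse_sweeps(constructed_sweeps()))
    for ch, level in wifi_channel_load(trace).items():
        print(f"channel {ch:2d}: {level:6.1f}")
```

Because the receiver sits on one frequency at a time, a frequency-hopping transmitter is caught on any given frequency only occasionally, which is why the max-hold trace shows Bluetooth activity that an average over sweeps would flatten toward the noise floor.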

While testing this, I tried pushing the limits of the CC2400's tuning range for the first time. The device I tested functioned with its receiver tuned from 2268 to 2794 MHz. (The supported range is 2400 to 2483.) I didn't actually generate test signals to validate that it could see stuff throughout the entire range, but my guess is that it is usable across the whole tunable range but with degraded performance at the extremes.

The spectrum analysis code is available in the Ubertooth repository and will be included in the next release. Let me know if you do anything interesting with it. There are just a few days left to pick up one of the first batch of boards by making a pledge on Kickstarter.

9 comments:

tz said...

Cool! Thanks! This will make the Ubertooth much more useful as a generic tool (I'm in an apartment and finding a spectral gap is hard). Another useful thing might be just a plain H4 Bluetooth stack. http://code.google.com/p/btstack/ can be compiled for Linux, but needs a device that uses H4 over serial, and these are very hard to find and almost as expensive as the Ubertooth. It probably could work with the BlueZ stack too. I'm already on the list so I might be able to help when I get mine. Thanks again.

Michael Ossmann said...

It should be possible to build a complete Bluetooth stack on the Ubertooth platform, but it would be a lot of work! I doubt I'll do it myself as I am too lazy. I'm guessing that it would require 256 or perhaps even 512 kB of flash.

QHENT said...

Lazy? With only a little electronics background and no SMT experience, you motivate yourself to design and build an affordable promiscuous Bluetooth sniffer hardware solution from scratch... and you call that lazy? I'd hate to see what you would call active.
Seriously, thank you very much for all your hard work and persistence.
Have an OUTSTANDING day!

Nicholas M said...

Hi Michael,

My organisation is looking for someone talented on the Bluetooth front who can assist with some technical consultancy. Kindly mail me at info@superfalconltd.com

Thanks!
Nicholas

Anonymous said...

Hi Michael,

With Ubertooth, can we monitor the whole 79 channels simultaneously? Or do we have to lock on a hopping sequence to monitor that specific communication?

David

Michael Ossmann said...

David, Ubertooth One can monitor only one Bluetooth channel at a time. It should be capable of hopping along with a target piconet, but this has not been implemented yet.

KhaledHassan said...

Hello Michael,

I need to know how I can write the output data from ubertooth-specan directly to a file! :(

Every other command takes -i except this one.

Best

Khaled

Michael Ossmann said...

Khaled, you can use standard shell redirection to save the output of ubertooth-specan.

Bashar Romanous said...

What is the Ubertooth sampling rate?